Julien Based on your description, it seems Hive is doing the right thing. If doAs=true, then the user “hive” need to be have the permission to impersonate others.
Also, FYI, it is recommended to run HiveServer2 as doAs=false. If any users needs access to underlying HDFS folders (or using ETL, Pig or HiveCLI), then only for those users give permission at the HDFS level also. Thanks Bosco From: Julien Carme <[email protected]> Reply-To: <[email protected]> Date: Monday, January 11, 2016 at 1:07 AM To: <[email protected]> Subject: Re: Cannot create Hive external table Hello, Thanks for your answer. We check the Ranger audit and the problem actually does not come from Ranger, but from Hive. DoAS=T did not work any more, "User: hive is not allowed to impersonate XXX". It works now if we change hadoop.proxyuser.hive.groups to '*'. We are trying to find a cleaner solution and to understand why that has changed. Anyway, sorry for having posted on the Ranger mailing list a non-Ranger issue. And thanks for your help. Julien 2016-01-08 21:50 GMT+01:00 Don Bosco Durai <[email protected]>: Julien Have you checked the Ranger Audit logs to see whether the block came from Ranger? Also, are you using Ranger on both HDFS and Hive side? Thanks Bosco From: Julien Carme <[email protected]> Reply-To: <[email protected]> Date: Friday, January 8, 2016 at 10:20 AM To: <[email protected]> Subject: Cannot create Hive external table Hello, I have just updated HDP from 2.2 to 2.3, so I am now using Ranger 0.5.0 and Hive 1.2.1 I try to create an external table using insert overwrite directory '/tmp/test' select * from my_table; Previously it was working fine. But now I always get: Error occurred executing hive query: Error while compiling statement: FAILED: HiveAccessControlException Permission denied: user [my_login] does not have [WRITE] privilege on [/tmp/test] I tried not creating /tmp/test, I tried creating /tmp/test with 777 mod, I tried giving any permission I can with Ranger HDFS and Hive right managers, I tried doAs=T and doAs=F, whatever I do I always get this error message. There is just now no way for me to create external tables. Any help would be greatly appreciated. Best Regards,
